#8783 New bitstreams inherit DEFAULT_BITSTREAM_READ from owning collection

Otherwise will keep inherited READ from bundle. Does not affect embargos set during submission or workflow, these will always be applied afterwards.
2025-10-17 23:13:10 +00:00 · 2023-05-12 14:01:14 +12:00
parent 03c39cf6f1
commit 019d0319dc
2 changed files with 81 additions and 2 deletions
--- a/dspace-api/src/main/java/org/dspace/content/BundleServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/content/BundleServiceImpl.java
@@ -34,6 +34,7 @@ import org.dspace.content.service.ItemService;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.core.LogHelper;
+import org.dspace.eperson.Group;
 import org.dspace.event.Event;
 import org.springframework.beans.factory.annotation.Autowired;

@@ -173,6 +174,28 @@ public class BundleServiceImpl extends DSpaceObjectServiceImpl<Bundle> implement
        // copy authorization policies from bundle to bitstream
        // FIXME: multiple inclusion is affected by this...
        authorizeService.inheritPolicies(context, bundle, bitstream);
+        if (owningItem != null) {
+            // Resolve owning collection
+            Collection owningCollection = owningItem.getOwningCollection();
+            if (owningCollection != null) {
+                // Get DEFAULT_BITSTREAM_READ policy from the collection
+                List<Group> defaultBitstreamReadGroups =
+                        authorizeService.getAuthorizedGroups(context, owningCollection,
+                                Constants.DEFAULT_BITSTREAM_READ);
+                log.info(defaultBitstreamReadGroups.size());
+                // If this collection is configured with a DEFAULT_BITSTREAM_READ group, overwrite the READ policy
+                // inherited from the bundle with this policy.
+                if (!defaultBitstreamReadGroups.isEmpty()) {
+                    // Remove read policies from the bitstream
+                    authorizeService.removePoliciesActionFilter(context, bitstream, Constants.READ);
+                    for (Group defaultBitstreamReadGroup : defaultBitstreamReadGroups) {
+                        // Inherit this policy as READ, directly from the collection roles
+                        authorizeService.addPolicy(context, bitstream,
+                                Constants.READ, defaultBitstreamReadGroup, ResourcePolicy.TYPE_INHERITED);
+                    }
+                }
+            }
+        }
        bitstreamService.update(context, bitstream);
    }

--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/BitstreamRestControllerIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/BitstreamRestControllerIT.java
@@ -17,8 +17,7 @@ import static org.dspace.builder.BitstreamFormatBuilder.createBitstreamFormat;
 import static org.dspace.builder.ResourcePolicyBuilder.createResourcePolicy;
 import static org.dspace.content.BitstreamFormat.KNOWN;
 import static org.dspace.content.BitstreamFormat.SUPPORTED;
-import static org.dspace.core.Constants.READ;
-import static org.dspace.core.Constants.WRITE;
+import static org.dspace.core.Constants.*;
 import static org.hamcrest.CoreMatchers.not;
 import static org.hamcrest.CoreMatchers.nullValue;
 import static org.hamcrest.Matchers.equalTo;
@@ -56,6 +55,8 @@ import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.text.PDFTextStripper;
 import org.apache.solr.client.solrj.SolrServerException;
 import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
+import org.dspace.authorize.ResourcePolicy;
+import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.authorize.service.ResourcePolicyService;
 import org.dspace.builder.BitstreamBuilder;
 import org.dspace.builder.CollectionBuilder;
@@ -70,6 +71,7 @@ import org.dspace.content.Community;
 import org.dspace.content.Item;
 import org.dspace.content.service.BitstreamFormatService;
 import org.dspace.content.service.BitstreamService;
+import org.dspace.content.service.CollectionService;
 import org.dspace.core.Constants;
 import org.dspace.disseminate.CitationDocumentServiceImpl;
 import org.dspace.eperson.EPerson;
@@ -112,6 +114,12 @@ public class BitstreamRestControllerIT extends AbstractControllerIntegrationTest
    @Autowired
    private BitstreamFormatService bitstreamFormatService;

+    @Autowired
+    private AuthorizeService authorizeService;
+
+    @Autowired
+    private CollectionService collectionService;
+
    private Bitstream bitstream;
    private BitstreamFormat supportedFormat;
    private BitstreamFormat knownFormat;
@@ -626,6 +634,54 @@ public class BitstreamRestControllerIT extends AbstractControllerIntegrationTest

    }

+    @Test
+    public void testBitstreamDefaultReadInheritanceFromCollection() throws Exception {
+        context.turnOffAuthorisationSystem();
+
+        //** GIVEN **
+        //1. A community-collection structure with one parent community and one collections.
+        parentCommunity = CommunityBuilder.createCommunity(context)
+                .withName("Parent Community")
+                .build();
+
+        Group internalGroup = GroupBuilder.createGroup(context)
+                .withName("Internal Group")
+                .build();
+        // Explicitly create a restrictive default bitstream read policy on the collection
+        Collection col1 = CollectionBuilder.createCollection(context, parentCommunity).withName("Collection 1").build();
+        authorizeService.removePoliciesActionFilter(context, col1, DEFAULT_BITSTREAM_READ);
+        authorizeService.addPolicy(context, col1, DEFAULT_BITSTREAM_READ, internalGroup);
+
+        //2. A public item with a new bitstream that is not explicitly restricted
+        // but should instead inherit
+        Item publicItem1 = ItemBuilder.createItem(context, col1)
+                .withTitle("Public item 1")
+                .withIssueDate("2017-10-17")
+                .withAuthor("Smith, Donald").withAuthor("Doe, John")
+                .build();
+        // make sure this item has no default policies for a new bundle to inherit
+        authorizeService.removePoliciesActionFilter(context, publicItem1, DEFAULT_BITSTREAM_READ);
+
+        String bitstreamContent = "Private!";
+        try (InputStream is = IOUtils.toInputStream(bitstreamContent, CharEncoding.UTF_8)) {
+            bitstream = BitstreamBuilder
+                    .createBitstream(context, publicItem1, is)
+                    .withName("Test Restricted Bitstream")
+                    .withDescription("This bitstream is restricted")
+                    .withMimeType("text/plain")
+                    .build();
+        }
+        context.restoreAuthSystemState();
+        //** WHEN **
+        //We download the bitstream
+        getClient().perform(get("/api/core/bitstreams/" + bitstream.getID() + "/content"))
+                //** THEN **
+                .andExpect(status().isUnauthorized());
+
+        //An unauthorized request should not log statistics
+        checkNumberOfStatsRecords(bitstream, 0);
+    }
+
    @Test
    public void restrictedGroupBitstreamForbiddenTest() throws Exception {
        context.turnOffAuthorisationSystem();